2013年5月31日金曜日
31日 金曜日、先勝
+ RHSA-2013:0884 Moderate: libtirpc security update
http://rhn.redhat.com/errata/RHSA-2013-0884.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1950
+ RHSA-2013:0883 Important: gnutls security update
http://rhn.redhat.com/errata/RHSA-2013-0883.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2116
+ UPDATE: HPSBGN02589 SSRT100296 rev.2 - HP ProCurve Access Points, Access Controllers, and Mobility Controllers, Privilege Escalation
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c02544568-2%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
Check Point response to 'SSH encapsulated in DNS traffic is not detected by Application Control'
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk92938&src=securityAlerts
Trend Micro Web Security for Yamaha 新機種のサポート開始のお知らせ
http://www.trendmicro.co.jp/support/news.asp?id=1964
チェックしておきたい脆弱性情報<2013.05.31>
http://itpro.nikkeibp.co.jp/article/COLUMN/20130527/479962/?ST=security
IDとパスワードに頼る認証は、もう破綻している
http://itpro.nikkeibp.co.jp/article/Watcher/20130530/480791/?ST=security
阪急阪神百貨店のショッピングサイトで、クレジットカード情報など2382人分の個人情報が漏洩
http://itpro.nikkeibp.co.jp/article/NEWS/20130530/480861/?ST=security
Cisco NX-OS Nexus 1000v Bugs Let Remote Users Gain Control, Deny Service, and Bypass Security
http://www.securitytracker.com/id/1028606
REMOTE: Logic Print 2013 - Stack Overflow (vTable Overwrite)
http://www.exploit-db.com/exploits/25835
REMOTE: Intrasrv Simple Web Server 1.0 - SEH Based Remote Code Execution
http://www.exploit-db.com/exploits/25836
REMOTE: IBM SPSS SamplePower C1Tab ActiveX Heap Overflow
http://www.exploit-db.com/exploits/25814
DoS/PoC: Monkey HTTPD 1.1.1 - Crash PoC
http://www.exploit-db.com/exploits/25837
2013年5月30日木曜日
30日 木曜日、赤口
+ CESA-2013:0868 Moderate CentOS 6 haproxy Update
http://lwn.net/Alerts/552183/
+ CESA-2013:0869 Important CentOS 6 tomcat6 Update
http://lwn.net/Alerts/552184/
+ CESA-2013:0870 Important CentOS 5 tomcat5 Update
http://lwn.net/Alerts/552157/
+ BIND 9.9.3, 9.8.5, 9.6-ESV-R9 released
https://kb.isc.org/article/AA-00927
https://kb.isc.org/article/AA-00928
https://kb.isc.org/article/AA-00929
+ DHCP 4.2.5-P1 released
https://kb.isc.org/article/AA-00891
+ A Vulnerability in libdns Could Cause Excessive Memory Use in ISC DHCP 4.2
https://www.isc.org/software/dhcp/advisories/cve-2013-2494
CVE-2013-2494
+ A Maliciously Crafted Regular Expression Can Cause Memory Exhaustion in named
https://www.isc.org/software/bind/advisories/cve-2013-2266
CVE-2013-2266
+ UPDATE: HPSBPI02869 SSRT100936 rev.2 - HP LaserJet MFP Printers, HP Color LaserJet MFP Printers, Certain HP LaserJet Printers, Remote Unauthorized Access to Files
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03744742-2%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
+ SA53154 Apache HTTP Server mod_rewrite Vulnerability
http://secunia.com/advisories/53154/
CVE-2013-1862
+ Linux kernel net oops from tcp_collapse() using splice(2)
http://cxsecurity.com/issue/WLB-2013050210
VSX Virtual System might be left without 'Default Policy' if installation of policy fails
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk92812&src=securityAlerts
世界のセキュリティ・ラボから
企業に提案するサイバーセキュリティのロードマップ
http://itpro.nikkeibp.co.jp/article/COLUMN/20130529/480401/?ST=security
JVN#90289505 モバツイtouch の Content Provider にアクセス制限不備の脆弱性
http://jvn.jp/jp/JVN90289505/
JVN#22756333 Sleipnir Mobile for Android におけるアドレスバー偽装の脆弱性
http://jvn.jp/jp/JVN22756333/
REMOTE: IBM SPSS SamplePower C1Tab ActiveX Heap Overflow
http://www.exploit-db.com/exploits/25814
DoS/PoC: CodeBlocks 12.11 (Mac OS X) - Crash POC
http://www.exploit-db.com/exploits/25809
http://lwn.net/Alerts/552183/
+ CESA-2013:0869 Important CentOS 6 tomcat6 Update
http://lwn.net/Alerts/552184/
+ CESA-2013:0870 Important CentOS 5 tomcat5 Update
http://lwn.net/Alerts/552157/
+ BIND 9.9.3, 9.8.5, 9.6-ESV-R9 released
https://kb.isc.org/article/AA-00927
https://kb.isc.org/article/AA-00928
https://kb.isc.org/article/AA-00929
+ DHCP 4.2.5-P1 released
https://kb.isc.org/article/AA-00891
+ A Vulnerability in libdns Could Cause Excessive Memory Use in ISC DHCP 4.2
https://www.isc.org/software/dhcp/advisories/cve-2013-2494
CVE-2013-2494
+ A Maliciously Crafted Regular Expression Can Cause Memory Exhaustion in named
https://www.isc.org/software/bind/advisories/cve-2013-2266
CVE-2013-2266
+ UPDATE: HPSBPI02869 SSRT100936 rev.2 - HP LaserJet MFP Printers, HP Color LaserJet MFP Printers, Certain HP LaserJet Printers, Remote Unauthorized Access to Files
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03744742-2%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
+ SA53154 Apache HTTP Server mod_rewrite Vulnerability
http://secunia.com/advisories/53154/
CVE-2013-1862
+ Linux kernel net oops from tcp_collapse() using splice(2)
http://cxsecurity.com/issue/WLB-2013050210
VSX Virtual System might be left without 'Default Policy' if installation of policy fails
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk92812&src=securityAlerts
世界のセキュリティ・ラボから
企業に提案するサイバーセキュリティのロードマップ
http://itpro.nikkeibp.co.jp/article/COLUMN/20130529/480401/?ST=security
JVN#90289505 モバツイtouch の Content Provider にアクセス制限不備の脆弱性
http://jvn.jp/jp/JVN90289505/
JVN#22756333 Sleipnir Mobile for Android におけるアドレスバー偽装の脆弱性
http://jvn.jp/jp/JVN22756333/
REMOTE: IBM SPSS SamplePower C1Tab ActiveX Heap Overflow
http://www.exploit-db.com/exploits/25814
DoS/PoC: CodeBlocks 12.11 (Mac OS X) - Crash POC
http://www.exploit-db.com/exploits/25809
2013年5月29日水曜日
29日 水曜日、大安
+ RHSA-2013:0869 Important: tomcat6 security update
http://rhn.redhat.com/errata/RHSA-2013-0869.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1976
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2051
+ Opera 15.0 Next released
http://www.opera.com/docs/changelogs/unified/1500n/
+ RHSA-2013:0870 Important: tomcat5 security update
http://rhn.redhat.com/errata/RHSA-2013-0870.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1976
+ Windows Kernel 'win32k.sys' Lets Local Users Gain Elevated Privileges
http://www.securitytracker.com/id/1028591
+ REMOTE: Nginx HTTP Server 1.3.9-1.4.0 Chuncked Encoding Stack Buffer Overflow
http://www.exploit-db.com/exploits/25775
+ Facebook HTTP Graph API Users ID (and others) Information Disclosure
http://cxsecurity.com/issue/WLB-2013050198
+ Nginx HTTP Server 1.3.9-1.4.0 Chuncked Encoding Stack Buffer Overflow
http://cxsecurity.com/issue/WLB-2013050174
+ Apache Tomcat CVE-2013-1976 Insecure Temporary File Handling Vulnerability
http://www.securityfocus.com/bid/60186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1976
Trend Micro Control Manager 5.5 Service Pack 1 Patch 3 build 1850 公開のお知らせ
http://www.trendmicro.co.jp/support/news.asp?id=1961
チェックしておきたい脆弱性情報<2013.05.28>
http://itpro.nikkeibp.co.jp/article/COLUMN/20130527/479681/?ST=security
ファイルの「メタデータ」に重要な情報が潜む――ケビン・ミトニック氏
企業のソフトウエア利用状況やネットワーク情報が丸裸に
http://itpro.nikkeibp.co.jp/article/NEWS/20130528/480063/?ST=security
LOCAL: AdobeCollabSync Buffer Overflow Adobe Reader X Sandbox Bypass
http://www.exploit-db.com/exploits/25776
http://rhn.redhat.com/errata/RHSA-2013-0869.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1976
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2051
+ Opera 15.0 Next released
http://www.opera.com/docs/changelogs/unified/1500n/
+ RHSA-2013:0870 Important: tomcat5 security update
http://rhn.redhat.com/errata/RHSA-2013-0870.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1976
+ Windows Kernel 'win32k.sys' Lets Local Users Gain Elevated Privileges
http://www.securitytracker.com/id/1028591
+ REMOTE: Nginx HTTP Server 1.3.9-1.4.0 Chuncked Encoding Stack Buffer Overflow
http://www.exploit-db.com/exploits/25775
+ Facebook HTTP Graph API Users ID (and others) Information Disclosure
http://cxsecurity.com/issue/WLB-2013050198
+ Nginx HTTP Server 1.3.9-1.4.0 Chuncked Encoding Stack Buffer Overflow
http://cxsecurity.com/issue/WLB-2013050174
+ Apache Tomcat CVE-2013-1976 Insecure Temporary File Handling Vulnerability
http://www.securityfocus.com/bid/60186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1976
Trend Micro Control Manager 5.5 Service Pack 1 Patch 3 build 1850 公開のお知らせ
http://www.trendmicro.co.jp/support/news.asp?id=1961
チェックしておきたい脆弱性情報<2013.05.28>
http://itpro.nikkeibp.co.jp/article/COLUMN/20130527/479681/?ST=security
ファイルの「メタデータ」に重要な情報が潜む――ケビン・ミトニック氏
企業のソフトウエア利用状況やネットワーク情報が丸裸に
http://itpro.nikkeibp.co.jp/article/NEWS/20130528/480063/?ST=security
LOCAL: AdobeCollabSync Buffer Overflow Adobe Reader X Sandbox Bypass
http://www.exploit-db.com/exploits/25776
2013年5月28日火曜日
28日 火曜日、仏滅
+ Apache Struts 'includeParams' CVE-2013-2115 Incomplete Fix Security Bypass Vulnerability
http://www.securityfocus.com/bid/60167
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2115
+ Apache Struts 'includeParams' CVE-2013-1966 Security Bypass Vulnerability
http://www.securityfocus.com/bid/60166
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1966
Universal Database Tools - DtSQL 2.5.1 is released (FREE)
http://www.postgresql.org/about/news/1466/
宮本和明のシリコンバレー最新技術報告
仮想化技術で攻撃を封じ込める次世代ファイアウオール、XenSource創業者が開発
http://itpro.nikkeibp.co.jp/article/COLUMN/20130526/479642/?ST=security
最新サイバー攻撃に備える
Yahoo!に続き三越も攻撃、不正ログインにサイト運営者はどう対抗する
http://itpro.nikkeibp.co.jp/article/COLUMN/20130527/479767/?ST=security
約11万件のカード情報が流出、携帯とWi-FiレンタルのGLOBALDATAとGlobal Cellularから
http://itpro.nikkeibp.co.jp/article/NEWS/20130527/480001/?ST=security
JVN#31817913 Yahoo!ブラウザーにおけるアドレスバー偽装の脆弱性
http://jvn.jp/jp/JVN31817913/
http://www.securityfocus.com/bid/60167
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2115
+ Apache Struts 'includeParams' CVE-2013-1966 Security Bypass Vulnerability
http://www.securityfocus.com/bid/60166
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1966
Universal Database Tools - DtSQL 2.5.1 is released (FREE)
http://www.postgresql.org/about/news/1466/
宮本和明のシリコンバレー最新技術報告
仮想化技術で攻撃を封じ込める次世代ファイアウオール、XenSource創業者が開発
http://itpro.nikkeibp.co.jp/article/COLUMN/20130526/479642/?ST=security
最新サイバー攻撃に備える
Yahoo!に続き三越も攻撃、不正ログインにサイト運営者はどう対抗する
http://itpro.nikkeibp.co.jp/article/COLUMN/20130527/479767/?ST=security
約11万件のカード情報が流出、携帯とWi-FiレンタルのGLOBALDATAとGlobal Cellularから
http://itpro.nikkeibp.co.jp/article/NEWS/20130527/480001/?ST=security
JVN#31817913 Yahoo!ブラウザーにおけるアドレスバー偽装の脆弱性
http://jvn.jp/jp/JVN31817913/
2013年5月27日月曜日
27日 月曜日、先負
+ About the security content of QuickTime 7.7.4
http://support.apple.com/kb/HT5770
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1015
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1016
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1017
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1018
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0989
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1019
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1020
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0987
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1021
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0986
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0988
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1022
+ CESA-2013:0847 Moderate CentOS 5 kernel Update
http://lwn.net/Alerts/551400/
+ CESA-2013:0830 Important CentOS 6 kernel Update
http://lwn.net/Alerts/551049/
+ CESA-2013:0831 Moderate CentOS 6 libvirt Update
http://lwn.net/Alerts/551051/
+ phpMyAdmin 4.0.2 released
http://sourceforge.net/p/phpmyadmin/news/2013/05/phpmyadmin-402-is-released/
+ Squid 3.3.5 released
http://www.squid-cache.org/Versions/v3/3.3/RELEASENOTES.html
+ Wireshark 1.8.7 Released
http://www.wireshark.org/docs/relnotes/wireshark-1.8.7.html
+ Update: Multiple Vulnerabilities in Cisco ASA Software
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130410-asa
+ Update: HPSBMU02742 SSRT100740 rev.2 - HP System Management Homepage (SMH) for Linux, Windows and ESX 4.1, Remote Unauthorized Disclosure of Information
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03164351-2%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
+ Update: HPSBPV02855 SSRT100512 rev.2 - HP ProCurve 1700-8(J9079A) and 1700-24(J9080A) Switches, Cross Site Request Forgery (CSRF)
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03699981-2%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
+ HPSBUX02881 SSRT101189 rev.1 - HP-UX Directory Server, Remote Disclosure of Information
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03772083-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
+ CVE-2012-0814 Credentials Management vulnerability in SSH
https://blogs.oracle.com/sunsecurity/entry/cve_2012_0814_credentials_management
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0814
+ Lucky Thirteen vulnerability in Solaris OpenSSL
https://blogs.oracle.com/sunsecurity/entry/lucky_thirteen_vulnerability_in_solaris
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0166
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0169
+ Multiple Permissions, Privileges, and Access Control vulnerabilities in Sudo
https://blogs.oracle.com/sunsecurity/entry/multiple_permissions_privileges_and_access
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1775
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1776
+ CVE-2012-5134 Buffer Overflow vulnerability in libxml2
https://blogs.oracle.com/sunsecurity/entry/cve_2012_5134_buffer_overflow
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5134
+ CVE-2013-0338 Denial of Service (DoS) vulnerability in libxml2
https://blogs.oracle.com/sunsecurity/entry/cve_2013_0338_denial_of
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0338
+ CVE-2012-5526 Configuration vulnerability in Perl
https://blogs.oracle.com/sunsecurity/entry/cve_2012_5526_configuration_vulnerability
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5526
+ CVE-2010-5107 Denial of Service vulnerability in SSH
https://blogs.oracle.com/sunsecurity/entry/cve_2010_5107_denial_of
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5107
+ Multiple Cross Site Scripting vulnerabilities in Apache HTTP server
https://blogs.oracle.com/sunsecurity/entry/multiple_cross_site_scripting_vulnerabilities
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3499
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4558
+ CVE-2012-4429 Information Leak / Disclosure in vino
https://blogs.oracle.com/sunsecurity/entry/cve_2012_4429_information_leak
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4429
+ CVE-2012-4564 Design Error vulnerability in GIMP
https://blogs.oracle.com/sunsecurity/entry/cve_2012_4564_design_error
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4564
+ CVE-2012-5195 Heap Buffer Overrun vulnerability in Perl
https://blogs.oracle.com/sunsecurity/entry/cve_2012_5195_heap_buffer
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5195
+ CVE-2012-5667 Heap Buffer Overflow vulnerability in GNU Grep
https://blogs.oracle.com/sunsecurity/entry/cve_2012_5667_heap_buffer
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5667
+ CVE-2012-6329 Code Injection vulnerability in Perl 5.8
https://blogs.oracle.com/sunsecurity/entry/cve_2012_6329_code_injection1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6329
+ CVE-2012-6329 Code Injection vulnerability in Perl
https://blogs.oracle.com/sunsecurity/entry/cve_2012_6329_code_injection
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6329
+ Multiple vulnerabilities fixed in Wireshark 1.8.4
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_fixed_in_wireshark
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6052
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6053
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6054
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6055
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6056
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6057
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6058
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6059
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6060
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6061
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6062
+ CVE-2013-1667 Denial of Service (DoS) vulnerability in Perl 5.16
https://blogs.oracle.com/sunsecurity/entry/cve_2013_1667_denial_of2
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1667
+ CVE-2013-1667 Denial of Service (DoS) vulnerability in Perl 5.12
https://blogs.oracle.com/sunsecurity/entry/cve_2013_1667_denial_of1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1667
+ CVE-2013-1667 Denial of Service (DoS) vulnerability in Perl 5.8
https://blogs.oracle.com/sunsecurity/entry/cve_2013_1667_denial_of
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1667
+ Multiple vulnerabilities in Samba Web Administration Tool (SWAT)
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_samba_web
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0213
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0214
+ HS13-012 Vulnerability in JP1/Integrated Management - TELstaff Alarm View
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-012/index.html
+ HS13-011 Cross-site Scripting Vulnerability in JP1/Automatic Operation
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-011/index.html
+ HS13-012 JP1/Integrated Management - TELstaff Alarm Viewにおける脆弱性
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS13-012/index.html
+ HS13-011 JP1/Automatic Operationにおけるクロスサイトスクリプティングの脆弱性
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS13-011/index.html
+ RHSA-2013:0847 Moderate: kernel security and bug fix update
http://rhn.redhat.com/errata/RHSA-2013-0847.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0153
+ Apache Ant 1.9.1 Released
http://ftp.meisei-u.ac.jp/mirror/apache/dist//ant/README.html
+ Apache Struts 2.3.14.2 released
http://struts.apache.org/release/2.3.x/docs/version-notes-23142.html
+ Dovecot 2.2.2 released
http://www.dovecot.org/list/dovecot-news/2013-May/000255.html
+ Perl 5.18.0 released
http://www.perl.org/get.html
+ Samba 4.0.6 Available for Download
http://samba.org/samba/history/samba-4.0.6.html
+ REMOTE: SIEMENS Solid Edge ST4 WebPartHelper ActiveX - RFMSsvs!JShellExecuteEx RCE
http://www.exploit-db.com/exploits/25713
+ LOCAL: Sony Playstation 3 (PS3) 4.31 - Save Game Preview SFO File Handling Local Command Execution
http://www.exploit-db.com/exploits/25718
+ LOCAL: AdobeCollabSync Buffer Overflow Adobe Reader X Sandbox Bypass
http://www.exploit-db.com/exploits/25725
+ DoS/PoC: SIEMENS Solid Edge ST4 SEListCtrlX ActiveX - SetItemReadOnly Arbitrary Memory Rewrite RCE
http://www.exploit-db.com/exploits/25712
+ DoS/PoC: SAS Integration Technologies Client 9.31_M1 (SASspk.dll) - Stack-Based Overflow
http://www.exploit-db.com/exploits/25714
+ DoS/PoC: Trend Micro DirectPass 1.5.0.1060 - Multiple Software Vulnerabilities
http://www.exploit-db.com/exploits/25719
+ Dovecot 'APPEND' Parameter Denial of Service Vulnerability
http://www.securityfocus.com/bid/60052
InterScan Web Security Suite 3.1 Linux 版 Patch 7 (Build 1320) 公開のお知らせ
http://www.trendmicro.co.jp/support/news.asp?id=1954
【復旧】ウイルスバスターのお客さまサポート電話窓口に繋がりにくい問題
http://www.trendmicro.co.jp/support/news.asp?id=1962
InterScan Web Security Suite 5.6 Linux版 公開のお知らせ
http://www.trendmicro.co.jp/support/news.asp?id=1955
パターンファイル番号の桁上がりにより発生するパターンアップデートが出来ない問題について
http://www.trendmicro.co.jp/support/news.asp?id=1959
定期サーバメンテナンスのお知らせ(2013年5月24日)
http://www.trendmicro.co.jp/support/news.asp?id=1960
MicroOLAP Database Designer for PostgreSQL v1.9.0 released
http://www.postgresql.org/about/news/1465/
「EC-CUBE」におけるアクセス制限不備の脆弱性対策について(JVN#45306814)
http://www.ipa.go.jp/security/ciadr/vul/20130523-jvn.html
ミツバチを使って地雷探査:クロアチアと米国(WIRED.jp)
http://itpro.nikkeibp.co.jp/article/NEWS/20130527/479704/?ST=security
三越の通販サイトで8289件の顧客情報漏洩、520万件の不正ログイン試行
http://itpro.nikkeibp.co.jp/article/NEWS/20130525/479541/?ST=security
農水省へのサイバー攻撃で124点の行政文書の流出の可能性
http://itpro.nikkeibp.co.jp/article/NEWS/20130525/479521/?ST=security
Yahoo! JAPAN ID約148万6000件で暗号化パスワードなど漏洩の可能性
http://itpro.nikkeibp.co.jp/article/NEWS/20130523/479201/?ST=security
トレンドマイクロ、Windows XP対応製品のサポートを2014年4月以降も継続
個人向けウイルスバスターは2015年12月、企業向けは2017年1月まで
http://itpro.nikkeibp.co.jp/article/NEWS/20130523/479161/?ST=security
日本セーフネット、暗号鍵管理機器「Luna SA」を仮想サーバー型に刷新
http://itpro.nikkeibp.co.jp/article/NEWS/20130523/478984/?ST=security
Twitterが2段階認証を導入、アカウント保護を強化
http://itpro.nikkeibp.co.jp/article/NEWS/20130523/478943/?ST=security
世界のセキュリティ・ラボから
Facebookプロフィールを乗っ取るブラウザー拡張機能
http://itpro.nikkeibp.co.jp/article/COLUMN/20130522/478707/?ST=security
JVN#39699406 EC-CUBE における不適切な入力確認に起因する情報漏えいの脆弱性
http://jvn.jp/jp/JVN39699406/
JVN#45306814 EC-CUBE におけるアクセス制限不備の脆弱性
http://jvn.jp/jp/JVN45306814/
JVN#00985872 EC-CUBE におけるセッション固定の脆弱性
http://jvn.jp/jp/JVN00985872/
JVN#52552792 EC-CUBE におけるクロスサイトスクリプティングの脆弱性
http://jvn.jp/jp/JVN52552792/
JVNVU#92679127 Apple QuickTime における複数の脆弱性に対するアップデート
http://jvn.jp/cert/JVNVU92679127/index.html
2013年5月17日金曜日
17日 金曜日、大安
+ RHSA-2013:0830 Important: kernel security update
http://rhn.redhat.com/errata/RHSA-2013-0830.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2094
+ RHSA-2013:0831 Moderate: libvirt security and bug fix update
http://rhn.redhat.com/errata/RHSA-2013-0831.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1962
+ RHSA-2013:0827 Important: openswan security update
http://rhn.redhat.com/errata/RHSA-2013-0827.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2053
+ About the security content of iTunes 11.0.3
http://support.apple.com/kb/HT5766
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1014
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2824
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2857
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3748
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5112
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0879
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0912
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0948
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0949
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0950
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0951
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0952
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0953
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0954
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0955
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0956
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0958
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0959
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0960
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0961
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0991
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0992
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0993
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0994
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0995
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0996
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0997
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0998
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0999
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1000
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1001
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1002
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1003
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1004
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1005
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1006
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1007
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1008
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1010
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1011
+ CESA-2013:0827 Important CentOS 6 openswan Update
http://lwn.net/Alerts/550921/
+ CESA-2013:0827 Important CentOS 5 openswan Update
http://lwn.net/Alerts/550920/
+ CESA-2013:0820 Critical CentOS 6 firefox Update
http://lwn.net/Alerts/550709/
+ CESA-2013:0820 Critical CentOS 5 firefox Update
http://lwn.net/Alerts/550710/
+ CESA-2013:0821 Important CentOS 6 thunderbird Update
http://lwn.net/Alerts/550711/
+ CESA-2013:0821 Important CentOS 5 thunderbird Update
http://lwn.net/Alerts/550712/
+ Cisco TelePresence Supervisor MSE 8050 Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130515-mse
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1236
+ OpenSSH 6.2p2 released
http://www.openssh.com/txt/release-6.2p2
+ Linux Kernel Array Bounds Checking Flaw Lets Local Users Gain Elevated Privileges
http://www.securitytracker.com/id/1028565
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2094
+ SA53393 Ajax Availability Calendar Multiple Vulnerabilities
http://secunia.com/advisories/53393/
+ SA53392 ownCloud Multiple Vulnerabilities
http://secunia.com/advisories/53392/
+ SSH User Code Execution
http://cxsecurity.com/issue/WLB-2013050135
+ python backports ssl_match_hostname Resource Exhaustion 0day
http://cxsecurity.com/issue/WLB-2013050127
+ Python 'ssl.match_hostname()' Function Denial of Service Vulnerability
http://www.securityfocus.com/bid/59877
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2098
Adobe Reader および Acrobat の脆弱性対策について (APSB13-15)(CVE-2013-2549等)
http://www.ipa.go.jp/security/ciadr/vul/20130515-adobereader.html
Adobe Flash Player の脆弱性対策について (APSB13-14)(CVE-2013-2728等)
http://www.ipa.go.jp/security/ciadr/vul/20130515-adobeflashplayer.html
Microsoft 製品の脆弱性対策について(5月)
http://www.ipa.go.jp/security/ciadr/vul/20130515-ms.html
警察庁が「サイバー攻撃分析センター」、全国の警察から情報を収集
http://itpro.nikkeibp.co.jp/article/NEWS/20130517/477483/?ST=security
脅威高まる車載ソフトへの攻撃
第5回 対策に「王道」を求めるな
http://itpro.nikkeibp.co.jp/article/COLUMN/20130507/475088/?ST=security
自分のパスワードを棚卸ししてみた
http://itpro.nikkeibp.co.jp/article/Watcher/20130514/476805/?ST=security
シマンテック、公明党議員向けにネット選挙対策勉強会を開催
http://itpro.nikkeibp.co.jp/article/NEWS/20130516/477385/?ST=security
チェック・ポイント、SMB向け弁当箱UTMの後継機「600 Appliance」を発表
http://itpro.nikkeibp.co.jp/article/NEWS/20130516/477383/?ST=security
デル、ハイエンド級ファイアウォールの下位シリーズ「SuperMassive 9000」を発表
http://itpro.nikkeibp.co.jp/article/NEWS/20130516/477343/?ST=security
IE8のゼロデイ脆弱性を修正するパッチ公開、早急に適用を
別バージョンのIEにも危険な脆弱性、10件中2件は危険度が最悪の「緊急」
http://itpro.nikkeibp.co.jp/article/NEWS/20130516/477204/?ST=security
世界のセキュリティ・ラボから
Google Glassとセキュリティの懸念
http://itpro.nikkeibp.co.jp/article/COLUMN/20130511/476281/?ST=security
トレンドマイクロが「3D戦略」公開、ウイルスバスターモバイルなど新製品3種を発売
http://itpro.nikkeibp.co.jp/article/NEWS/20130515/477022/?ST=security
JVNVU#91592755 Mutiny にディレクトリトラバーサルの脆弱性
http://jvn.jp/cert/JVNVU91592755/
JVNVU#98097798 IBM Notes のメールクライアントに Java および Javascript が実行される問題
http://jvn.jp/cert/JVNVU98097798/
JVNTA13-134A Microsoft 製品の複数の脆弱性に対するアップデート
http://jvn.jp/cert/JVNTA13-134A/
JVNVU#91241075 Serva にバッファオーバーフローの脆弱性
http://jvn.jp/cert/JVNVU91241075/
JVNVU#91064079 ColdFusion に任意のコードが実行される脆弱性
http://jvn.jp/cert/JVNVU91064079/
JVN#85371480 Wi-Fiスポット設定用ソフトウェアにおける接続処理に関する脆弱性
http://jvn.jp/jp/JVN85371480/index.html
VU#701572 Mutiny Appliance contains multiple directory traversal vulnerabilities
http://www.kb.cert.org/vuls/id/701572
DoS/PoC: Serva 32 TFTP 2.1.0 - Buffer Overflow Denial of service
http://www.exploit-db.com/exploits/25472
2013年5月15日水曜日
15日 水曜日、先負
+ 2013 年 5 月のセキュリティ情報
http://technet.microsoft.com/ja-jp/security/bulletin/ms13-may
+ MS13-037 - 緊急 Internet Explorer 用の累積的なセキュリティ更新プログラム (2829530)
https://technet.microsoft.com/ja-jp/security/bulletin/ms13-037
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1297
+ MS13-038 - 緊急 Internet Explorer 用のセキュリティ更新プログラム (2847204)
https://technet.microsoft.com/ja-jp/security/bulletin/ms13-038
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1347
+ MS13-039 - 重要 HTTP.sys の脆弱性により、サービス拒否が起こる (2829254)
https://technet.microsoft.com/ja-jp/security/bulletin/ms13-039
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1305
+ MS13-040 - 重要 .NET Framework の脆弱性により、なりすましが行われる (2836440)
http://technet.microsoft.com/ja-jp/security/bulletin/ms13-040
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1336
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1337
+ MS13-041 - 重要 Lync の脆弱性により、リモートでコードが実行される (2834695)
https://technet.microsoft.com/ja-jp/security/bulletin/ms13-041
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1302
+ MS13-042 - 重要 Microsoft Publisher の脆弱性により、リモートでコードが実行される (2830397)
https://technet.microsoft.com/ja-jp/security/bulletin/ms13-042
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1316
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1317
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1318
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1319
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1320
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1321
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1322
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1323
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1327
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1328
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1329
+ MS13-043 - 重要 Microsoft Word の脆弱性により、リモートでコードが実行される (2830399)
https://technet.microsoft.com/ja-jp/security/bulletin/ms13-043
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1335
+ MS13-044 - 重要 Microsoft Visio の脆弱性により、情報漏えいが起こる (2834692)
https://technet.microsoft.com/ja-jp/security/bulletin/ms13-044
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1301
+ UPDATE: Microsoft Security Advisory (2847140) Vulnerability in Internet Explorer Could Allow Remote Code Execution
http://technet.microsoft.com/en-us/security/advisory/2847140
+ Microsoft Security Advisory (2846338) Vulnerability in Microsoft Malware Protection Engine Could Allow Remote Code Execution
http://technet.microsoft.com/en-us/security/advisory/2846338
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1346
+ Microsoft Security Advisory (2820197) Update Rollup for ActiveX Kill Bits
http://technet.microsoft.com/en-us/security/advisory/2820197
+ UPDATE: Microsoft Security Advisory (2755801) Update for Vulnerabilities in Adobe Flash Player in Internet Explorer 10
http://technet.microsoft.com/en-us/security/advisory/2755801
+ マイクロソフト セキュリティ アドバイザリ (2846338) Microsoft Malware Protection Engine の脆弱性により、リモートでコードが実行される
http://technet.microsoft.com/ja-jp/security/advisory/2846338
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1346
+ マイクロソフト セキュリティ アドバイザリ (2820197) ActiveX の Kill Bit 更新プログラムのロールアップ
http://technet.microsoft.com/ja-jp/security/advisory/2820197
+ UPDATE: マイクロソフト セキュリティ アドバイザリ (2755801) Internet Explorer 10 上の Adobe Flash Player の脆弱性用の更新プログラム
http://technet.microsoft.com/ja-jp/security/advisory/2755801
+ RHSA-2013:0821 Important: thunderbird security update
http://rhn.redhat.com/errata/RHSA-2013-0821.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0801
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1670
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1674
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1675
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1676
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1677
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1678
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1679
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1680
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1681
+ RHSA-2013:0820 Critical: firefox security update
http://rhn.redhat.com/errata/RHSA-2013-0820.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0801
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1670
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1674
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1675
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1676
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1677
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1678
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1679
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1680
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1681
+ Mozilla Firefox 21.0 released
http://www.mozilla.jp/firefox/21.0/releasenotes/
+ Mozilla Thunderbird 17.0.6 released
http://www.mozilla.jp/thunderbird/17.0.6/releasenotes/
+ MFSA 2013-48 Memory corruption found using Address Sanitizer
http://www.mozilla.org/security/announce/2013/mfsa2013-48.html
+ MFSA 2013-47 Uninitialized functions in DOMSVGZoomEvent
http://www.mozilla.org/security/announce/2013/mfsa2013-47.html
+ MFSA 2013-46 Use-after-free with video and onresize event
http://www.mozilla.org/security/announce/2013/mfsa2013-46.html
+ MFSA 2013-45 Mozilla Updater fails to update some Windows Registry entries
http://www.mozilla.org/security/announce/2013/mfsa2013-45.html
+ MFSA 2013-44 Local privilege escalation through Mozilla Maintenance Service
http://www.mozilla.org/security/announce/2013/mfsa2013-44.html
+ MFSA 2013-43 File input control has access to full path
http://www.mozilla.org/security/announce/2013/mfsa2013-43.html
+ MFSA 2013-42 Privileged access for content level constructor
http://www.mozilla.org/security/announce/2013/mfsa2013-42.html
+ MFSA 2013-41 Miscellaneous memory safety hazards (rv:21.0 / rv:17.0.6)
http://www.mozilla.org/security/announce/2013/mfsa2013-41.html
+ APSB13-15 Security updates available for Adobe Reader and Acrobat
http://www.adobe.com/support/security/bulletins/apsb13-15.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2549
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2550
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2718
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2719
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2720
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2721
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2722
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2723
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2724
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2725
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2726
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2727
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2729
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2730
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2731
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2732
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2733
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2734
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2735
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2736
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2737
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3337
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3338
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3339
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3340
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3341
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3342
+ APSB13-14 Security updates available for Adobe Flash Player
http://www.adobe.com/support/security/bulletins/apsb13-14.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2728
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3324
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3325
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3326
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3327
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3328
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3329
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3330
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3331
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3332
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3333
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3334
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3335
+ APSB13-13 Security update: Hotfix available for ColdFusion
http://www.adobe.com/support/security/bulletins/apsb13-13.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1389
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3336
+ CESA-2013:0815 Moderate CentOS 6 httpd Update
http://lwn.net/Alerts/550572/
+ CESA-2013:0815 CentOS 5 httpd Update
http://lwn.net/Alerts/550563/
+ phpMyAdmin 4.0.1 released
http://sourceforge.net/p/phpmyadmin/news/2013/05/phpmyadmin-401-is-released/
+ UPDATE: HPSBUX02859 SSRT101144 rev.3 - HP-UX Running XNTP, Remote Denial of Service (DoS) and Execution of Arbitrary Code
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03714526-3%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
+ SA53348 Apache Tomcat FormAuthenticator Session Hijacking Weakness
http://secunia.com/advisories/53348/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2067
+ LOCAL: Linux PERF_EVENTS - Local Root Exploit
http://www.exploit-db.com/exploits/25444
+ LOCAL: Linux Kernel open-time Capability file_ns_capable() Privilege Escalation
http://www.exploit-db.com/exploits/25450
+ Linux Kernel PERF_EVENTS Local Root Exploit
http://cxsecurity.com/issue/WLB-2013050119
+ Linux Kernel open-time Capability file_ns_capable() Privilege Escalation
http://cxsecurity.com/issue/WLB-2013050123
+ Linux Kernel CVE-2013-2094 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/59846
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2094
JS_REDIR.SMSA/JS_REDIR.BK の誤警告情報
http://www.trendmicro.co.jp/support/news.asp?id=1958
脅威高まる車載ソフトへの攻撃
第3回 クルマはどこから攻撃されるのか
http://itpro.nikkeibp.co.jp/article/COLUMN/20130507/475086/?ST=security
ぷらっとホーム、URLフィルタリング機器に端末50台規模の小規模版を追加
http://itpro.nikkeibp.co.jp/article/NEWS/20130514/476843/?ST=security
リコーITソリューションズ、米国訴訟向けのメールアーカイブ構築サービスを開始
http://itpro.nikkeibp.co.jp/article/NEWS/20130514/476787/?ST=security
「全国民を顔写真付きでデータベース化」? 米国で法案審議に懸念の声(WIRED.jp)
http://itpro.nikkeibp.co.jp/article/NEWS/20130514/476683/?ST=security
“地下サイト”では日本ブランドが高値、「jp」は「com」の10倍以上
トレンドマイクロが報告、日本のメールアドレスやパスワードも高額買い取り
http://itpro.nikkeibp.co.jp/article/NEWS/20130514/476681/?ST=security
VU#127108 Serva32 2.1.0 TFTPD service buffer overflow vulnerability
http://www.kb.cert.org/vuls/id/127108
VU#113732 Adobe ColdFusion 9 & 10 code injection vulnerability
http://www.kb.cert.org/vuls/id/113732
REMOTE: SAP SOAP RFC SXPG_CALL_SYSTEM Remote Command Execution
http://www.exploit-db.com/exploits/25445
REMOTE: SAP SOAP RFC SXPG_COMMAND_EXECUTE Remote Command Execution
http://www.exploit-db.com/exploits/25446
LOCAL: ERS Viewer 2011 ERS File Handling Buffer Overflow
http://www.exploit-db.com/exploits/25448
LOCAL: Kloxo 6.1.6 - Local Privilege Escalation
http://www.exploit-db.com/exploits/25406
2013年5月14日火曜日
14日 火曜日、友引
+ RHSA-2013:0815 Moderate: httpd security update
http://rhn.redhat.com/errata/RHSA-2013-0815.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3499
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4558
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1862
+ Memory disclosure with specially crafted HTTP backend responses Severity: medium
http://mailman.nginx.org/pipermail/nginx-announce/2013/000114.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2070
+ CESA-2013:0807 Low CentOS 5 hypervkvpd Update
http://lwn.net/Alerts/550430/
+ UPDATE: HPSBMU02786 SSRT100877 rev.2 - HP System Management Homepage (SMH) Running on Linux, Windows, and VMware ESX, Remote Unauthorized Access, Disclosure of Information, Data Modification, Denial of Service (DoS), Execution of Arbitrary Code
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03360041-2%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
+ Apache HTTP Server Terminal Escape Sequence in Logs Command Injection Vulnerability
http://www.securityfocus.com/bid/59826
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1862
トレンドマイクロ: 個人のお客様向け製品の管理システム改修のお知らせ
http://www.trendmicro.co.jp/support/news.asp?id=1956
PostgreSQL 9.3 Beta 1 Released
http://www.postgresql.org/about/news/1463/
脅威高まる車載ソフトへの攻撃
第2回 車載ソフトへの攻撃例が続々
http://itpro.nikkeibp.co.jp/article/COLUMN/20130507/475085/?ST=security
ヤフーとデジタルハーツ、政治家向けにHPセキュリティ診断サービスを提供
http://itpro.nikkeibp.co.jp/article/NEWS/20130513/476572/?ST=security
UPDATE: JVNVU#97576465 Internet Explorer 8 に任意のコードが実行される脆弱性
http://jvn.jp/cert/JVNVU97576465/
JVN#18501376 OpenPNE におけるクロスサイトスクリプティングの脆弱性
http://jvn.jp/jp/JVN18501376/
LOCAL: Kloxo 6.1.6 - Local Privilege Escalation
http://www.exploit-db.com/exploits/25406
DoS/PoC: No-IP Dynamic Update Client (DUC) 2.1.9 - Local IP Address Stack Overflow
http://www.exploit-db.com/exploits/25411
2013年5月13日月曜日
13日 月曜日、先勝
+ UPDATE: Multiple Vulnerabilities in Cisco Unified Customer Voice Portal Software
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130508-cvp
+ Apache Tomcat 7.0.40 released
http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.40
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2071
+ Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
http://www.securitytracker.com/id/1028534
http://cxsecurity.com/issue/WLB-2013050090
http://www.securityfocus.com/bid/59799
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2067
+ Apache Tomcat Lack of Chunked Transfer Encoding Extension Size Limit Lets Remote Users Deny Service
http://www.securitytracker.com/id/1028533
http://cxsecurity.com/issue/WLB-2013050089
http://www.securityfocus.com/bid/59797
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3544
+ Apache Tomcat AsyncListeners Bug May Disclose Information from One Request to Another User
http://www.securitytracker.com/id/1028532
http://cxsecurity.com/issue/WLB-2013050088
http://www.securityfocus.com/bid/59798
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2071
+ Linux Kernel 'tun.c' Denial Of Service Vulnerability
http://www.securityfocus.com/bid/59804
UPDATE: Internet Explorer 8 の脆弱性対策について (KB2847140)(CVE-2013-1347)
http://www.ipa.go.jp/security/ciadr/vul/20130507-ms.html
チェックしておきたい脆弱性情報<2013.05.13>
http://itpro.nikkeibp.co.jp/article/COLUMN/20130507/474932/?ST=security
脅威高まる車載ソフトへの攻撃
第1回 標的になる車載ソフト
http://itpro.nikkeibp.co.jp/article/COLUMN/20130507/475084/?ST=security
ディノスに111万件の不正アクセス、1万5000件の不正ログイン
http://itpro.nikkeibp.co.jp/article/NEWS/20130510/475982/?ST=security
DoS/PoC: Lan Messenger sending PM Buffer Overflow(UNICODE) - Overwrite SEH
http://www.exploit-db.com/exploits/25363
2013年5月10日金曜日
10日 金曜日、仏滅
+ マイクロソフト セキュリティ情報の事前通知 - 2013 年 5 月
http://technet.microsoft.com/ja-jp/security/bulletin/ms13-may
+ APSB13-15 Prenotification Security Advisory for Adobe Reader and Acrobat
http://www.adobe.com/support/security/bulletins/apsb13-15.html
+ APSA13-03 Security Advisory for ColdFusion
http://www.adobe.com/support/security/advisories/apsa13-03.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3336
+ RHSA-2013:0807 Low: hypervkvpd security and bug fix update
http://rhn.redhat.com/errata/RHSA-2013-0807.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5532
+ Symantec Brightmail Gateway Input Validation Flaw Permits Cross-Site Scripting Attacks
http://www.securitytracker.com/id/1028530
http://secunia.com/advisories/53366/
http://www.securityfocus.com/bid/59700
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1611
+ nginx 1.3.9 - 1.4.0 Remote Buffer Overflow
http://cxsecurity.com/issue/WLB-2013050059
+ Fujitsu Desktop Update Privilege Escalation
http://cxsecurity.com/issue/WLB-2013050076
+ Microsoft May 2013 Advance Notification Multiple Vulnerabilities
http://www.securityfocus.com/bid/59785
サーバメンテナンスのお知らせ(2013年5月13日)
http://www.trendmicro.co.jp/support/news.asp?id=1953
Seriously: PHP 5.4.15 and PHP 5.3.25 really were released!
http://php.net/archive/2013.php#id2013-05-09-3
「IE8へのゼロデイ攻撃」を回避するツール、マイクロソフトが公開
設定を変更して既知の攻撃を防ぐ、脆弱性は修正されない
http://itpro.nikkeibp.co.jp/article/NEWS/20130510/475962/?ST=security
法人向けAndroidセキュリティ製品「ESET Endpoint Security for Android」のベータ版が提供開始
http://itpro.nikkeibp.co.jp/article/NEWS/20130509/475761/?ST=security
ラネクシー、企業向けWindowsイメージバックアップソフトの新版を発表
http://itpro.nikkeibp.co.jp/article/NEWS/20130509/475723/?ST=security
2013年5月9日木曜日
9日 木曜日、友引
+ Selenium IDE 2.0.0 released
http://code.google.com/p/selenium/wiki/SeIDEReleaseNotes
+ Selenium The Internet Explorer Driver Server 2.32.2 released
http://docs.seleniumhq.org/download/
+ UPDATE: Cisco Prime Data Center Network Manager Remote Command Execution Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20121031-dcnm
+ Multiple Vulnerabilities in Cisco Unified Customer Voice Portal Software
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130508-cvp
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1220
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1221
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1222
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1223
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1224
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1225
+ PSN-2013-05-938 2013-05 Security Bulletin: Network and Security Manager: Multiple Apache Axis2 vulnerabilities fixed
https://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2013-05-938&viewMode=view
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2103
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0219
+ PSN-2013-05-939 2013-05 Security Bulletin: Junos Space: CVE-2013-3497 Password disclosure while viewing configuration
https://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2013-05-939&viewMode=view
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3497
+ PSN-2013-05-940 2013-05: Security Bulletin: SmartPass WLAN Security Management: CVE-2013-3498 XSS Vulnerability
https://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2013-05-940&viewMode=view
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3498
+ PSN-2013-05-941 2013-05 Security Bulletin: Steel Belted Radius: OpenSSL vulnerability CVE-2012-2110
https://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2013-05-941&viewMode=view
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2110
+ PSN-2013-05-942 2013-05 Network Management, Identity and Policy Control Security Advisories Released
https://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2013-05-942&viewMode=view
+ UPDATE: Microsoft Security Advisory (2847140) Vulnerability in Internet Explorer Could Allow Remote Code Execution
http://technet.microsoft.com/en-us/security/advisory/2847140
+ SYM13-004 Security Advisories Relating to Symantec Products - Symantec Brightmail Gateway Management Console Stored XSS
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130508_00
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1611
+ Samba 3.6.15 Available for Download
http://samba.org/samba/history/samba-3.6.15.html
+ LOCAL: Linux Kernel open-time Capability file_ns_capable() - Privilege Escalation Vulnerability
http://www.exploit-db.com/exploits/25307
+ Multiple Linux setuid output redirection vulnerabilities
http://cxsecurity.com/issue/WLB-2013040197
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1959
+ Linux Kernel Capability file_ns_capable() Privilege Escalation Vulnerability
http://cxsecurity.com/issue/WLB-2013050069
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1979
パスワードマネージャーのプログラムアップデートのお知らせ
http://www.trendmicro.co.jp/support/news.asp?id=1952
世界のセキュリティ・ラボから
9000万の「いいね!」が付いた偽Facebookページ
http://itpro.nikkeibp.co.jp/article/COLUMN/20130507/474933/?ST=security
波紋を呼ぶ「Google Glass」、使用を禁止する動きが米国で相次ぐ
http://itpro.nikkeibp.co.jp/article/NEWS/20130508/475281/?ST=security
JVN#61972596 Online Service Gate におけるパスワード管理不備の問題
http://jvn.jp/jp/JVN61972596/
UPDATE: JVNVU#97576465 Internet Explorer 8 に任意のコードが実行される脆弱性
http://jvn.jp/cert/JVNVU97576465/index.html
2013年5月8日水曜日
8日 水曜日、先勝
+ CVE-2013-1667 Denial of Service (DoS) vulnerability in Perl
https://blogs.oracle.com/sunsecurity/entry/cve_2013_1667_denial_of
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1667
+ CVE-2013-0169 "Lucky Thirteen" vulnerability in VirtualBox Extension pack
https://blogs.oracle.com/sunsecurity/entry/cve_2013_0169_lucky_thirteen
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0169
+ マイクロソフト セキュリティ アドバイザリ (2847140) Internet Explorer の脆弱性により、リモートでコードが実行される
http://technet.microsoft.com/ja-jp/security/advisory/2847140
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1347
+ nginx Stack Overflow Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1028519
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2028
+ REMOTE: Microsoft Internet Explorer CGenericElement Object Use-After-Free Vulnerability
http://www.exploit-db.com/exploits/25294
+ REMOTE: Dovecot with Exim sender_address Parameter - Remote Command Execution
http://www.exploit-db.com/exploits/25297
+ SA53248 nginx "ngx_http_parse_chunked()" Buffer Overflow Vulnerability
http://secunia.com/advisories/53248/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2028
+ nginx 'ngx_http_parse.c' Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/59699
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2028
Internet Explorer 8 の脆弱性対策について (KB2847140)(CVE-2013-1347)
http://www.ipa.go.jp/security/ciadr/vul/20130507-ms.html
IE8に新たな脆弱性、ゼロデイ攻撃が出現
パッチの公開は未定、IE 6/7/9/10は影響を受けない
http://itpro.nikkeibp.co.jp/article/NEWS/20130508/475201/?ST=security
チェックしておきたい脆弱性情報<2013.05.08>
http://itpro.nikkeibp.co.jp/article/COLUMN/20130507/474924/?ST=security
トレンドマイクロのDeep Securityがエージェントレスの自動更新に対応
http://itpro.nikkeibp.co.jp/article/NEWS/20130507/475155/?ST=security
RSAがOTP認証サーバーに新版、OTPの代わりにリスクベース認証も可能
http://itpro.nikkeibp.co.jp/article/NEWS/20130507/475038/?ST=security
IPA、スマホを狙ったワンクリック詐欺に注意呼びかけ
http://itpro.nikkeibp.co.jp/article/NEWS/20130507/474881/?ST=security
JVNVU#97576465 Internet Explorer 8 に任意のコードが実行される脆弱性
http://jvn.jp/cert/JVNVU97576465/
VU#237655 Microsoft Internet Explorer 8 CGenericElement object use-after-free vulnerability
http://www.kb.cert.org/vuls/id/237655
LOCAL: AudioCoder .M3U Buffer Overflow
http://www.exploit-db.com/exploits/25296
DoS/PoC: Huawei SNMPv3 Service - Multiple Buffer Overflow Vulnerabilities
http://www.exploit-db.com/exploits/25295
nginx 1.3.9 - 1.4.0 Remote Buffer Overflow
http://cxsecurity.com/issue/WLB-2013050059
Microsoft Internet Explorer CGenericElement Object Use-After-Free Vulnerability
http://cxsecurity.com/issue/WLB-2013050060
2013年5月7日火曜日
7日 火曜日、赤口
+ RHSA-2013:0788 Moderate: subscription-manager security update
http://rhn.redhat.com/errata/RHSA-2013-0788.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6137
+ phpMyAdmin 4.0.0 released
http://sourceforge.net/p/phpmyadmin/news/2013/05/phpmyadmin-400-is-released/
+ Tomcat 6.0.37 Released
http://tomcat.apache.org/tomcat-6.0-doc/changelog.html
+ VU#237655 Microsoft Internet Explorer 8 CGenericElement object use-after-free vulnerability
http://www.kb.cert.org/vuls/id/237655
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1347
+ Apache VCL Input Validation Flaw Lets Remote Authenticated Users Gain Elevated Privileges
http://www.securitytracker.com/id/1028515
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0267
+ Microsoft Internet Explorer Object Access Bug Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1028514
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1347
+ SA53193 Microsoft Internet Explorer Files and Folders Enumeration Weaknesses
http://secunia.com/advisories/53193/
+ SA53314 Microsoft Internet Explorer Unspecified Use-After-Free Vulnerability
http://secunia.com/advisories/53314/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1347
+ Windows 8 factory preinstallation of Fujitsu Lifebook A512 Vulnerabilities
http://cxsecurity.com/issue/WLB-2013050043
+ Microsoft Security Essentials Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/59645
+ Microsoft Internet Explorer CVE-2013-1347 Use-After-Free Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/59641
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1347
宮本和明のシリコンバレー最新技術報告
「パスワードでの保護は限界」と結論したGoogleが評価するセキュリティ技術
http://itpro.nikkeibp.co.jp/article/COLUMN/20130502/474661/?ST=security
[業界動向:NEC、日立]拡充進むビッグデータ関連サービス 大手IT、得意技で競う
http://itpro.nikkeibp.co.jp/article/COLUMN/20130228/459744/?ST=security
“日本の標準暗号”が10年ぶり大改定、国産暗号削減よりもRC4とSHA-1の管理ポスト入りが影響大
http://itpro.nikkeibp.co.jp/article/Watcher/20130426/474102/?ST=security
LOCAL: ABBS Audio Media Player v3.1 (.lst) Buffer Overflow
http://www.exploit-db.com/exploits/25204
LOCAL: AudioCoder 0.8.18 - Buffer Overflow Exploit (SEH)
http://www.exploit-db.com/exploits/25141
2013年5月2日木曜日
2日 木曜日、先勝
+ UPDATE: Multiple Vulnerabilities in Cisco Unified Computing System
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130424-ucsmulti
+ HPSBUX02876 SSRT101148 rev.1 - HP-UX Running BIND, Remote Denial of Service (DoS)
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03750073-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2266
+ REMOTE: phpMyAdmin Authenticated Remote Code Execution via preg_replace()
http://www.exploit-db.com/exploits/25136
+ LOCAL: sudo v1.8.0-1.8.3p1 (sudo_debug) - Root Exploit + glibc FORTIFY_SOURCE Bypass
http://www.exploit-db.com/exploits/25134
+ Linux Kernel KVM CVE-2013-1798 Denial of Service Vulnerability
http://www.securityfocus.com/bid/58604
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1798
緊急サーバメンテナンスを実施しました
http://www.trendmicro.co.jp/support/news.asp?id=1951
2013年5月の呼びかけ
「 スマホにおける新たなワンクリック請求の手口に気をつけよう! 」
http://www.ipa.go.jp/security/txt/2013/05outline.html
「Struts 2の脆弱性を突いて不正侵入」、JINS通販サイトのカード情報漏洩
http://itpro.nikkeibp.co.jp/article/NEWS/20130501/474536/?ST=security
JVNVU#98097798 IBM Notes のメールクライアントに Java および Javascript が実行される問題
http://jvn.jp/cert/JVNVU98097798/
REMOTE: Wordpress W3 Total Cache PHP Code Execution
http://www.exploit-db.com/exploits/25137
DoS/PoC: Syslog Watcher Pro 2.8.0.812 - (Date Parameter) - Cross Site Scripting Vulnerability
http://www.exploit-db.com/exploits/25135
DoS/PoC: WPS Office Wpsio.dll - Stack Buffer Overflow Vulnerability
http://www.exploit-db.com/exploits/25140
2013年5月1日水曜日
1日 水曜日、赤口
+ Ubuntu 13.04 released
http://www.ubuntu.com/download/desktop/install-desktop-latest
+ Multiple vulnerabilities in Samba Web Administration Tool (SWAT)
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_samba_web
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0213
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0214
+ Algorithmic complexity vulnerability in Apache Ant
https://blogs.oracle.com/sunsecurity/entry/algorithmic_complexity_vulnerability_in_apache
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2098
+ FreeBSD NFS Server Input Validation Bug May Let Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1028491
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3266
+ VU#912420 IBM Notes runs arbitrary JAVA and Javascript in emails
http://www.kb.cert.org/vuls/id/912420
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0127
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0538
+ phpMyAdmin 3.5.8 Authenticated Remote Code Execution Exploit
http://cxsecurity.com/issue/WLB-2013040203
+ phpMyAdmin 3.5.8 LFI & Array Overwrite & Remote code execution
http://cxsecurity.com/issue/WLB-2013040179
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3238
+ phpMyAdmin CVE-2013-3238 Multiple Arbitrary PHP Code Execution Vulnerabilities
http://www.securityfocus.com/bid/59460
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3238
Endpoint Security Client enhancement hotfix for Anti-Malware detection capabilities
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk92745&src=securityAlerts
TROJ_GEN.FC2CKDT の誤警告情報
http://www.trendmicro.co.jp/support/news.asp?id=1950
AXLE improves analytics on Big Data
http://www.postgresql.org/about/news/1461/
「ITセキュリティ評価及び認証制度に関する説明会
~政府調達における海外動向と日本への影響について~」 開催のご案内
http://www.ipa.go.jp/security/jisec/seminar/cc_semi_20130530.html
チェックしておきたい脆弱性情報<2013.05.01>
http://itpro.nikkeibp.co.jp/article/COLUMN/20130426/474101/?ST=security
JVNVU#94853684 McAfee ePolicy Orchestrator に複数の脆弱性
http://jvn.jp/cert/JVNVU94853684/
JVNVU#94115218 Dentrix G5 の認証情報に関する脆弱性
http://jvn.jp/cert/JVNVU94115218%20/
登録:
投稿 (Atom)